1 Reply Latest reply on Jun 4, 2015 8:36 AM by Himanshu Mishra

    Wildfly SSL configuration

    Himanshu Mishra Newbie

      Hi,

       

      I am trying to configure SSL on wildlfy. I am able to do so with self-signed certificate.

       

      The problem is, when I import a trusted certificate in my keystore and use it with the alias 'mycert' I used to import the certificate. The error comes:

       

      Failed to start service jboss.server.controller.management.security_realm.SslRealm.keystore: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.SslRealm.keystore: JBAS021000: The alias specified 'mycert' is not a Key, valid aliases are {mycert.co.in}

        at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:139)

        at org.jboss.as.domain.management.security.FileKeystoreService.start(FileKeystoreService.java:78)

        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.0.Final.jar:1.2.0.Final]

        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.0.Final.jar:1.2.0.Final]

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]

        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]

       

      The alias "mycert.co.in" wildfly is suggesting is one, which I used while creating keystore. When I use the alias "mycert.co.in", the certificate is shown as invalid. The browser is not showing the certificate that I imported to the keystore.

       

      My configuration is:

      <security-realm name="SslRealm">

                      <server-identities>

                          <ssl>

                              <keystore path="ATT25238.qakeystore" relative-to="jboss.server.config.dir" keystore-password="chnageit" alias="mycert"/>

                          </ssl>

                      </server-identities>

                  </security-realm>

       

      below is the listener configuration:

      <https-listener name="https" socket-binding="https" security-realm="SslRealm"/>

       

      Can anyone help me on this?

       

      Thanks & Regards,

      Himanshu Mishra

        • 1. Re: Wildfly SSL configuration
          Himanshu Mishra Newbie

          I found out the way to create JKS file from the p7b file which I have recived from certificating authority. The generated keystore is working for me.

           

          1. Convert p7b to pem

          openssl pkcs7 -in mycert.co.in.p7b -inform DER -out mycert.co.in.pem -print_certs

           

          2. Extract private key from keystore

          keytool -importkeystore -srckeystore mykeystore.jks -destkeystore mykeystore.p12 -deststoretype PKCS12

          openssl pkcs12 -in mykeystore.p12 -passin pass:changeit -nocerts -out mycert.co.in.key -des -passout pass:changeit

           

          3. Export pkcs12

          openssl pkcs12 -export -inkey mycert.co.in.key  -in mycert.co.in.pem -name mycert -out mycert.co.in.p12

           

          4. Generate keystore for PKCS12

          keytool -v -importkeystore -srckeystore mycert.co.in.p12 -srcstoretype PKCS12 -destkeystore mycert.co.in.jks -deststoretype JKS

           

          Using this I am able to get the same certificate in browser, which I have received from certificating authority.